
Security

Joshua Thijssen edited this page May 30, 2020 · 9 revisions

I'm in no way a security expert, which makes it scary when trying to create a secure system for dealing with (personal) emails.

These are the things we thought about, or that still pose problems:

  • Mail server to mail server traffic uses TLS with ECDHE for perfect forward secrecy.
  • Everything depends on a single private RSA key (4096 bits). It is used for the following:
    • logging into the mailserver to read emails
    • logging into the mailserver to send emails
    • decrypting emails (which are encrypted through its public key)

Should we use Ed25519 instead? Thoughts?

  • Once a private key is exposed, the following can happen:
    • we can write emails on behalf of the key's owner
    • we can decrypt the catalog-key inside each message-header, which results in:
    • we can decrypt the blob-keys inside each message-catalog, which results in:
    • we can decrypt each blob of each message
  • Exposing a public key by itself is not enough: to use it you also need to know the actual email address. The only unencrypted reference to an email address is its SHA256 sum.

What and how are things encrypted?

Encryption works the following way:

  • We fetch the public key from the receiver. This can be done by contacting the receiver's mail-server, or maybe even through a DHT system.
  • We encrypt the body blocks and attachments of the message with AES256, each with its own key and IV.
  • We generate a catalog with information about these blocks (checksums and IVs) and encrypt the AES keys with the receiver's public RSA key.
  • We encrypt the catalog with AES256, using a separate key and IV.
  • We create a message header containing the checksum of the catalog and its IV, and encrypt this AES key too with the receiver's public RSA key.

Could we?

  • The private key should have a passphrase. Can we enforce this?
  • Can we store the private key securely, for instance in the OS X keychain?
  • Can we decrease the attack surface? When a private key is compromised, it can be used to send and receive emails (provided the actual email address for this private key is also known), but can we somehow make sure it can't be used to decrypt the emails?
  • Could every email be encrypted with a different key (for example via DH)? How would this work?